postfixadmin: allows to delete protected aliases (CVE-2017-5930)
Affected versions:
PostfixAdmin 3.0 and 3.0.1
PostfixAdmin 2.91, 2.92 and 2.93 (which actually are 3.0 beta releases)
Older PostfixAdmin releases (2.3.x and older) are not affected.
PostfixAdmin 3.0.2 will fix this issue
References:
https://github.com/postfixadmin/postfixadmin/pull/23
http://openwall.com/lists/oss-security/2017/02/07/6
(from redmine: issue id 6833, created on 2017-02-09, closed on 2017-02-15)
- Relations:
- child #6834 (closed)
- child #6835 (closed)
- child #6836 (closed)
- child #6837 (closed)
- child #6838 (closed)